Oracle WebLogic Server is prone to a security vulnerability because it does not sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to gain access to the system. This access can be exploited to access, change, and delete data. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the targeted system. An attacker must be able to access the target system to exploit this vulnerability.

Web applications are high-value targets and are often targeted by attackers. Reducing the exposure of web applications to attacks is important. Redirecting users to a secure login page when they occur in non-secure environments can help protect users and systems from illegitimate access by attackers. Redirecting requests for sensitive information to a secure landing page can help prevent attackers from accessing and modifying critical information.

Products Affected by the Vulnerability

The vulnerability affects Oracle WebLogic Server versions 11.2.1.3 and earlier and Java SE Development Kit 5.0 Update 16 and earlier, 5.0 Update 17 and earlier, 6u131, 7u101, 8u78, 11gR1-b13 and RHEL 5 U4 and later.

Requirements/Scopes

Two-Factor Authentication

Vulnerability overview

An unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the targeted system. An attacker must be able to access the target system to exploit this vulnerability. The vulnerability is caused by the lack of proper authentication on the affected server. This vulnerability could allow an attacker to execute arbitrary code on the vulnerable system.
This flaw affects WebLogic Server 12.1 and earlier, which are prone to remote code execution vulnerabilities.

Vulnerabilities affecting Oracle WebLogic Server CVE-2022-21252

Timeline

Published on: 01/19/2022 12:15:00 UTC
Last modified on: 01/22/2022 03:43:00 UTC
